Encryption everywhere
AES-256-GCM for data at rest on every Neon Postgres branch, every S3 bucket, every Upstash Redis namespace. TLS 1.3 (with HSTS preload, OCSP stapling, and TLS-1.2 disabled) for every byte in transit. Field-level encryption for tokens, signing keys, and PII columns — keys live in AWS KMS, never in application memory longer than a single request.
SOC 2 Type II (in progress)
Our Type II observation window is being established, targeting attestation in Q4 2026, against the trust services criteria for Security, Availability, and Confidentiality. We are standing up continuous, automated control monitoring — controls mapped, evidence collected automatically, and drift alerted to the security team. The report will be available to Business + Enterprise customers under NDA from the trust center once attestation completes.
GDPR
EU data residency on the EU-West region (Frankfurt + Dublin). A Data Processing Agreement will be offered to every paid customer. Right-to-be-forgotten is designed to be honored within 30 days via a self-serve workspace deletion flow that cascades through every storage tier, including backups within 35 days. DPO reachable at privacy@planoda.com.
HIPAA
Business Associate Agreement available on Enterprise plans. PHI is stored only in HIPAA-eligible regions, audit logged on read + write, and segregated by workspace using Postgres Row-Level Security. We plan to commission third-party penetration testing, and we plan to run a coordinated disclosure program (rewards for verified findings at launch).
Region pinning
Pick US-East or EU-West at workspace creation. The choice is permanent and enforced at the database, storage, AI gateway, and CDN edge layers. Cross-region replication is opt-in and explicit — no workspace data ever leaves its chosen region without an admin-signed export action that lands in the audit log.
Customer-managed keys
Enterprise can bring their own AWS KMS key for envelope encryption of every encrypted column and every S3 object. Revoke the key and your workspace is cryptographically unreadable within seconds. Key-usage events stream to your CloudTrail so you have an independent record of every decrypt operation we perform on your behalf.